CVE-2019-11662

CVE-2019-11662 affects Micro Focus Service Manager versions 9.30 through 9.62. The issue arises from class and method names being exposed in error messages, enabling information exposure in some special cases. The connected Red Hat and CVE metadata reiterate the same description and do not provid...

WordPress XSS Bug Allows Drive-By Code Execution

A just-patched stored cross-site scripting XSS vulnerability in WordPress allowed drive-by remote code-execution, according to an analysis. The bug exists in the built-in editor Gutenberg, which is found in WordPress 5.0 and above. Zhouyuan Yang, a threat-researcher at FortiGuard Labs, said that...

CVE-2019-1273

A cross-site-scripting XSS vulnerability exists when Active Directory Federation Services ADFS does not properly sanitize certain error messages, aka 'Active Directory Federation Services XSS Vulnerability'...

CVE-2019-6792

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Path Disclosure. When an error is encountered on project import, the error message will display instance internal information...

CVE-2019-13407

A XSS found in Advan VD-1 firmware versions up to 230. VD-1 responses a path error message when a requested resource was not found in page cgibin/ssi.cgi. It leads to a reflected XSS because the error message does not escape properly...

CVE-2019-13407

CVE-2019-13407 affects Advan VD-1 firmware versions up to 230. The issue arises in cgibin/ssi.cgi where a resource-not-found error message is not properly escaped, causing a reflected cross-site scripting (XSS) vulnerability. Impact is user-injected script execution in the context of the device’s...

Cross-Site Scripting (XSS)

status-board is vulnerable to cross-site scripting XSS. The displayed error message is not sanitized and would allow remote attackers to inject arbitrary Javascript into a victim's browser through the safeDashboardName parameter...

CVE-2019-4484

IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164068...

CVE-2019-4485

IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069...

CVE-2019-4420

IBM Intelligent Operations Center V5.1.0 through V5.2.0 could disclose detailed error messages, revealing sensitive information that could aid in further attacks against the system. IBM X-Force ID: 162738...

CVE-2019-4308

IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034...

Information disclosure

IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164068...

Information disclosure

IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069...

CVE-2019-4485

IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069...

CVE-2019-4485

The CVE-2019-4485 issue affects IBM Emptoris Sourcing <10.1.4, IBM Contract Management <10.1.4, and IBM Emptoris Spend Analysis

PT-2019-17105 · Ibm · Ibm Emptoris Spend Analysis +2

Name of the Vulnerable Software and Affected Versions: IBM Emptoris Sourcing versions 10.1.0 through 10.1.3 IBM Contract Management versions 10.1.0 through 10.1.3 IBM Emptoris Spend Analysis versions 10.1.0 through 10.1.3 Description: The issue generates an error message that includes sensitive...

sssd security, bug fix, and enhancement update

1.16.4-21 - Resolves: rhbz1714952 - sssd RHEL 7.7 Tier 0 Localization - Rebuild japanese gmo file explicitly 1.16.4-20 - Resolves: rhbz1714952 - sssd RHEL 7.7 Tier 0 Localization 1.16.4-19 - Resolves: rhbz1707959 - sssd does not properly check GSS-SPNEGO 1.16.4-18 - Resolves: rhbz1710286 - The...

spice-gtk security and bug fix update

libgovirt 0.3.4-2 - Parse XML nodes automatically Related: rhbz1427467 - Set detailed error message for async call Related: rhbz1427467 spice-gtk 0.35-4 - Fix bad channel-reset on usbredir Resolves: rhbz1625550 0.35-3 - Fix insufficient encoding checks for LZ Resolves: rhbz1598652 spice-vdagent...

CVE-2019-7941

Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Information Exposure Through an Error Message vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user...

CVE-2019-7941

Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Information Exposure Through an Error Message vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user...